The IT Law Wiki

Definition

The Internet Control Message Protocol (ICMP) is

[a] protocol that is used to send control messages between hosts on a network. One example of the use of this protocol is when someone tries to send a packet to a host that has been turned off or is no longer available. In this case, the last active network appliance will detect this problem and will send a “host unreachable” ICMP message back to the originating host.[1]

Overview

"ICMP packets can contain diagnostic (ping, traceroute), error (network/host/port unreachable), information (timestamp, address mask request, etc.), or control (source quench, redirect, etc.) messages. Although these messages are generally harmless, there are nevertheless some message types that should be dropped. Some ICMP messages can be used to redirect traffic from a web site. Other messages can leak information about a host that could be helpful to an attacker. ICMP messages are also sometimes used as part of DOS attacks (e.g., flood ping, ping of death)."[2]
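The grouping quoted above can be applied to raw ICMP messages, for example when reviewing which types a filter sees. The following is an added example, not taken from the cited sources: it parses the ICMP header, verifies the checksum, and labels the message with the category named in the quote. The type and code numbers come from RFC 792 and RFC 950; the function names and the sample messages are constructed for illustration.

```python
import struct

# Categories follow the grouping quoted above; numbers are from RFC 792 / RFC 950.
CATEGORIES = {
    0: ("echo reply", "diagnostic"),
    8: ("echo request", "diagnostic"),
    3: ("destination unreachable", "error"),
    13: ("timestamp request", "information"),
    14: ("timestamp reply", "information"),
    17: ("address mask request", "information"),
    18: ("address mask reply", "information"),
    4: ("source quench", "control"),
    5: ("redirect", "control"),
}
# Codes of type 3 that the quoted text mentions by name.
UNREACHABLE_CODES = {0: "network unreachable", 1: "host unreachable", 3: "port unreachable"}

def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by ICMP."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length messages with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes = b"\x00" * 4, payload: bytes = b"") -> bytes:
    """Build a constructed sample message with a valid checksum (for the demo only)."""
    body = rest + payload
    csum = internet_checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body

def classify(message: bytes) -> dict:
    """Parse the ICMP header and label the message with its category."""
    if len(message) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    icmp_type, code, _ = struct.unpack("!BBH", message[:4])
    name, category = CATEGORIES.get(icmp_type, (f"type {icmp_type}", "other"))
    if icmp_type == 3:
        name = UNREACHABLE_CODES.get(code, name)
    # A valid message sums to zero when the checksum field is included.
    return {"type": icmp_type, "code": code, "name": name,
            "category": category, "checksum_ok": internet_checksum(message) == 0}

if __name__ == "__main__":
    for sample in (build_icmp(3, 1), build_icmp(8, 0, payload=b"abc"), build_icmp(5, 1)):
        print(classify(sample))
```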

References
